UNPKG

@ws-kit/zod

Version:

Zod validator adapter for WS-Kit with runtime schema validation and full TypeScript inference

kriasoft.com/ws-kit/

kriasoft/ws-kit

293 lines 15.4 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
// SPDX-FileCopyrightText: 2025-present Kriasoft // SPDX-License-Identifier: MIT import { getRouteIndex } from "@ws-kit/core"; import { getKind, getRouterPluginAPI, getSchemaOpts, typeOf, } from "@ws-kit/core/internal"; import { definePlugin } from "@ws-kit/core/plugin"; import { withMessaging as coreWithMessaging, withRpc as coreWithRpc, } from "@ws-kit/plugins"; import { getZodPayload, validatePayload } from "./internal.js"; /** * Helper to format Zod errors for better DX. * @internal */ function formatValidationError(error) { if (error.flatten) { const flat = error.flatten(); const issues = [ ...(flat.formErrors || []), ...Object.entries(flat.fieldErrors || {}).flatMap(([field, msgs]) => (msgs || []).map((m) => `${field}: ${m}`)), ]; return issues.length > 0 ? issues.join("; ") : JSON.stringify(error); } return JSON.stringify(error); } /** * Helper to resolve effective options, preferring per-schema over plugin defaults. * @internal */ function resolveOptions(schemaOpts, pluginOpts) { return { validateOutgoing: schemaOpts?.validateOutgoing ?? pluginOpts.validateOutgoing ?? true, }; } export function withZod(options) { const pluginOpts = { validateOutgoing: options?.validateOutgoing ?? true, onValidationError: options?.onValidationError, }; return definePlugin((router) => { // Step 1: Apply core messaging and RPC plugins first // These provide ctx.send(), ctx.reply(), ctx.error(), ctx.progress() router.plugin(coreWithMessaging()); router.plugin(coreWithRpc()); // Step 2: Get plugin API for registering validation middleware const api = getRouterPluginAPI(router); // Step 3: Inject validation middleware that validates root message and enriches context // This runs BEFORE core messaging/RPC enhancers (lower priority) // so that ctx.payload is available for the messaging methods to use router.use(async (ctx, next) => { // Skip validation for system lifecycle events ($ws:open, $ws:close) // These are handled by router.onOpen/onClose and don't need payload validation if (typeof ctx.type === "string" && ctx.type.startsWith("$ws:")) { await next(); return; } // Capture lifecycle for use in error handlers const lifecycle = api.getLifecycle(); // Get the schema from route index by looking up the type const routeIndex = getRouteIndex(router); const schemaInfo = routeIndex.get(ctx.type); if (schemaInfo) { const schema = schemaInfo.schema; const enhCtx = ctx; // If schema is a Zod object (has safeParse), validate the full root message if (typeof schema?.safeParse === "function") { // Get per-schema options and resolve effective options const schemaOpts = getSchemaOpts(schema); resolveOptions(schemaOpts, pluginOpts); // Construct normalized inbound message const inboundMessage = { type: ctx.type, meta: enhCtx.meta || {}, ...(enhCtx.payload !== undefined ? { payload: enhCtx.payload } : {}), }; // Validate against root schema (enforces strict type, meta, payload) // Always use safeParse for consistent error handling. // Coercion is controlled by schema design (z.coerce.*), not runtime flags. const result = schema.safeParse(inboundMessage); if (!result.success) { // Create validation error and route to error sink const validationError = new Error(`Validation failed for ${ctx.type}: ${formatValidationError(result.error)}`); validationError.code = "VALIDATION_ERROR"; validationError.details = result.error; // Call custom hook if provided, otherwise route to error handler if (pluginOpts.onValidationError) { await pluginOpts.onValidationError(validationError, { type: ctx.type, direction: "inbound", payload: enhCtx.payload, }); } else { await lifecycle.handleError(validationError, ctx); } return; } // Enrich context with validated payload (extracted from root validation) if (result.data.payload !== undefined) { enhCtx.payload = result.data.payload; } // Stash schema info for later use in reply/progress/send validation const kind = getKind(schemaInfo.schema); // read from DESCRIPTOR symbol const existingWskit = enhCtx.__wskit || {}; Object.defineProperty(enhCtx, "__wskit", { enumerable: false, configurable: true, value: { ...existingWskit, ...(kind !== undefined && { kind }), request: schema, response: schema.response, }, }); } } // Continue with enriched context await next(); }); // Step 4: Register context enhancer to add outbound validation capability // This wraps the core messaging/RPC methods to optionally validate outgoing payloads api.addContextEnhancer((ctx) => { const enhCtx = ctx; // Capture lifecycle for use in nested functions const lifecycle = api.getLifecycle(); // Helper: validate outgoing message (full root validation) const validateOutgoingPayload = async (schema, payload) => { // Get per-schema options and resolve effective options for this schema const schemaOpts = typeof schema === "object" ? getSchemaOpts(schema) : undefined; const eff = resolveOptions(schemaOpts, pluginOpts); if (!eff.validateOutgoing) { return payload; } const schemaObj = schema; // If schema has safeParse, validate full root message if (typeof schemaObj?.safeParse === "function") { // Construct outbound message const outboundMessage = { type: typeOf(schemaObj, schema), meta: {}, ...(payload !== undefined ? { payload } : {}), }; const result = schemaObj.safeParse(outboundMessage); if (!result.success) { const validationError = new Error(`Outbound validation failed for ${typeOf(schemaObj, schema) || "unknown"}: ${formatValidationError(result.error)}`); validationError.code = "OUTBOUND_VALIDATION_ERROR"; validationError.details = result.error; if (pluginOpts.onValidationError) { await pluginOpts.onValidationError(validationError, { type: typeOf(schemaObj, schema) || "unknown", direction: "outbound", payload, }); } else { await lifecycle.handleError(validationError, ctx); } throw validationError; } return result.data.payload ?? payload; } // Fallback for schemas that don't have safeParse (e.g., legacy message descriptors). // In normal usage with message() and rpc() builders, this branch is never reached. // This path exists for edge cases where schemas are constructed manually. const payloadSchema = getZodPayload(schema); if (!payloadSchema) { // Non-Zod schema without payload metadata—skip validation return payload; } const result = validatePayload(payload, payloadSchema); if (!result.success) { const validationError = new Error(`Outbound validation failed for ${typeOf(schemaObj, schema) || "unknown"}: ${formatValidationError(result.error)}`); validationError.code = "OUTBOUND_VALIDATION_ERROR"; validationError.details = result.error; if (pluginOpts.onValidationError) { await pluginOpts.onValidationError(validationError, { type: typeOf(schemaObj, schema) || "unknown", direction: "outbound", payload, }); } else { await lifecycle.handleError(validationError, ctx); } throw validationError; } return result.data ?? payload; }; // Helper: validate payload against RPC response schema const validateProgressPayload = async (responseSchema, progressPayload) => { // Get per-schema options and resolve effective options const schemaOpts = getSchemaOpts(responseSchema); const eff = resolveOptions(schemaOpts, pluginOpts); if (!eff.validateOutgoing) { return progressPayload; } // Get the payload schema from the response message schema const schemaObj = responseSchema; if (typeof schemaObj?.safeParse === "function") { // Construct a temporary message to validate the payload shape const tempMessage = { type: schemaObj.responseType || typeOf(schemaObj), meta: {}, ...(progressPayload !== undefined ? { payload: progressPayload } : {}), }; const result = schemaObj.safeParse(tempMessage); if (!result.success) { const validationError = new Error(`Progress validation failed for ${ctx.type}: ${formatValidationError(result.error)}`); validationError.code = "PROGRESS_VALIDATION_ERROR"; validationError.details = result.error; if (pluginOpts.onValidationError) { await pluginOpts.onValidationError(validationError, { type: "$ws:rpc-progress", direction: "outbound", payload: progressPayload, }); } else { await lifecycle.handleError(validationError, ctx); } throw validationError; } return result.data.payload ?? progressPayload; } return progressPayload; }; // Wrap extension methods with validation. // Core plugins expose delegates on ctx that call through to extensions, // so wrapping the extension method is sufficient - no ctx assignment needed. // This avoids "enhancer overwrote ctx properties" warnings. const messagingExt = ctx.extensions.get("messaging"); const rpcExt = ctx.extensions.get("rpc"); const pubsubExt = ctx.extensions.get("pubsub"); if (messagingExt?.send) { // Wrap send() with outbound validation const coreSend = messagingExt.send; messagingExt.send = async (schema, payload, opts) => { const validatedPayload = await validateOutgoingPayload(schema, payload); return coreSend(schema, validatedPayload, opts); }; } if (rpcExt?.reply) { // Wrap reply() with outbound validation const coreReply = rpcExt.reply; rpcExt.reply = async (payload, opts) => { const wskit = enhCtx.__wskit; if (wskit?.response) { const schemaOpts = getSchemaOpts(wskit.response); const eff = resolveOptions(schemaOpts, pluginOpts); const shouldValidate = opts?.validate ?? eff.validateOutgoing; if (shouldValidate) { const validatedPayload = await validateOutgoingPayload(wskit.response, payload); return coreReply(validatedPayload, opts); } } return coreReply(payload, opts); }; } if (rpcExt?.progress) { // Wrap progress() with outbound validation const coreProgress = rpcExt.progress; rpcExt.progress = async (payload, opts) => { const wskit = enhCtx.__wskit; if (wskit?.response) { const schemaOpts = getSchemaOpts(wskit.response); const eff = resolveOptions(schemaOpts, pluginOpts); const shouldValidate = opts?.validate ?? eff.validateOutgoing; if (shouldValidate) { const validatedPayload = await validateProgressPayload(wskit.response, payload); return coreProgress(validatedPayload, opts); } } return coreProgress(payload, opts); }; } if (pubsubExt?.publish) { // Wrap publish() with outbound validation const corePublish = pubsubExt.publish; pubsubExt.publish = async (topic, schema, payload, opts) => { const validatedPayload = await validateOutgoingPayload(schema, payload); return corePublish(topic, schema, validatedPayload, opts); }; } }, { priority: 100 }); // Return the plugin API extensions with capability marker and rpc(). return { validation: true, __caps: { validation: true }, }; }); } //# sourceMappingURL=plugin.js.map